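<?php

declare(strict_types=1);

// Created By : Noan Babao
// B.S. Computer Science - De La Salle Canlubang
// October 27,2011
//
// Updates an existing Account row and reconciles the user's Account_Dept_Pos
// links against the submitted position list.
// IN  (POST): username, password, firstName, middleName, lastName,
//             position (comma-separated deptPosId list), secretQuestion, secretAnswer
// OUT: JSON 1 when the account was updated; JSON 0 when the username does not
//      exist or any query failed (the cause goes to the server error log only).

// Only requests carrying POST data are processed.
// NOTE(review): this is a request-shape check, not authentication — nothing in
// this file verifies that the caller is logged in or may edit this username;
// that has to be enforced by the session/authorisation layer around it.
if ($_POST) {
    // DATABASE ACCESS CONFIGURATION
    // NOTE(review): credentials belong in a config file outside the web root
    // (or environment variables), not in source control.
    $hostName = 'localhost';
    $rootName = 'dbasegr';
    $dBasePassword = 'dbgr2012';
    $dBaseName = 'greenroute';

    // Read each field explicitly; a missing key becomes '' instead of an
    // "undefined index" notice being mixed into the JSON response.
    $username       = (string) ($_POST['username'] ?? '');
    $password       = (string) ($_POST['password'] ?? '');
    $firstName      = (string) ($_POST['firstName'] ?? '');
    $middleName     = (string) ($_POST['middleName'] ?? '');
    $lastName       = (string) ($_POST['lastName'] ?? '');
    $secretQuestion = (string) ($_POST['secretQuestion'] ?? '');
    $secretAnswer   = (string) ($_POST['secretAnswer'] ?? '');

    // The form sends deptPosIds comma-separated, typically with a trailing
    // comma ("3,7,"). Drop empty entries instead of skipping the last element
    // of the list, so a list without the trailing comma is handled correctly too.
    $positions = array_values(array_filter(
        array_map('trim', explode(',', (string) ($_POST['position'] ?? ''))),
        static function ($entry) {
            return $entry !== '';
        }
    ));

    // Timestamp recorded in accountLastUpdated.
    date_default_timezone_set('Asia/Singapore');
    $currentDateTime = date('Y-m-d H:i:s');

    // Let the driver throw on connection or statement failure so a single
    // catch covers every query; the client only ever receives JSON 0 on error.
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
    $connect = null;
    try {
        $connect = new mysqli($hostName, $rootName, $dBasePassword, $dBaseName);

        // All user-supplied values are bound as parameters; none are
        // interpolated into SQL text.
        // NOTE(review): the password is stored exactly as submitted, which is
        // what the existing login path expects. Moving to password_hash() here
        // requires the login check to switch to password_verify() in the same change.
        $updateAccount = $connect->prepare(
            'UPDATE Account
             SET password = ?, firstName = ?, middleName = ?, lastName = ?,
                 secretQuestion = ?, secretAnswer = ?, accountLastUpdated = ?
             WHERE username = ?'
        );
        $updateAccount->bind_param(
            'ssssssss',
            $password,
            $firstName,
            $middleName,
            $lastName,
            $secretQuestion,
            $secretAnswer,
            $currentDateTime,
            $username
        );
        $updateAccount->execute();
        $updateAccount->close();

        // Resolve the userId for the username; if several rows match, the
        // last one wins, as in the original loop.
        $userId = null;
        $found = false;
        $lookup = $connect->prepare('SELECT userId FROM Account WHERE username = ?');
        $lookup->bind_param('s', $username);
        $lookup->execute();
        $lookup->bind_result($userId);
        while ($lookup->fetch()) {
            $found = true;
        }
        $lookup->close();

        if (!$found) {
            echo json_encode(0);
        } else {
            // Current deptPos links for this user, as strings so they compare
            // strictly with the submitted list.
            $currentLinks = [];
            $deptPosId = null;
            $existing = $connect->prepare('SELECT deptPosId FROM Account_Dept_Pos WHERE userId = ?');
            $existing->bind_param('s', $userId);
            $existing->execute();
            $existing->bind_result($deptPosId);
            while ($existing->fetch()) {
                $currentLinks[] = (string) $deptPosId;
            }
            $existing->close();

            // Parameters are bound by reference once; the loops below only
            // assign the variables and execute.
            $statusValue = '';
            $targetPos = '';
            $setStatus = $connect->prepare(
                'UPDATE Account_Dept_Pos SET status = ? WHERE userId = ? AND deptPosId = ?'
            );
            $setStatus->bind_param('sss', $statusValue, $userId, $targetPos);

            $newPos = '';
            $newStatus = 'Active';
            $insertLink = $connect->prepare(
                'INSERT INTO Account_Dept_Pos (userId, deptPosId, status) VALUES (?, ?, ?)'
            );
            $insertLink->bind_param('sss', $userId, $newPos, $newStatus);

            // MAKE REMOVED POSITIONS INACTIVE
            foreach ($currentLinks as $linkedPos) {
                if (!in_array($linkedPos, $positions, true)) {
                    $statusValue = 'Inactive';
                    $targetPos = $linkedPos;
                    $setStatus->execute();
                }
            }

            // ADD positions: re-activate links that already exist, insert the rest.
            foreach ($positions as $pos) {
                if (in_array($pos, $currentLinks, true)) {
                    $statusValue = 'Active';
                    $targetPos = $pos;
                    $setStatus->execute();
                } else {
                    $newPos = $pos;
                    $insertLink->execute();
                }
            }

            $setStatus->close();
            $insertLink->close();
            echo json_encode(1);
        }
    } catch (mysqli_sql_exception $e) {
        // Keep the real cause server-side; SQL text and driver messages are
        // never echoed to the browser.
        error_log('Account update failed: ' . $e->getMessage());
        echo json_encode(0);
    } finally {
        if ($connect instanceof mysqli) {
            $connect->close();
        }
    }
}   // End - Checker for those users who will just go to the page by typing directly in the url.
else {
    echo "You are not authorized to view this page. This incident will be reported immediately.";
}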
